Terms & Conditions

Terms and Conditions

1. Agreement a) Together with the Proposal, these Terms and Conditions form part of the Agreement between Cyberhacker.ai and the Client for the provision of the Services. These Terms and Conditions will apply to any further Services provided by Cyberhacker.ai to the Client unless otherwise agreed in writing. b) The terms of any Proposal will prevail to the extent of any inconsistency with these Terms and Conditions. c) Defined terms and rules for interpretation are set out in clause 20.

2. Term Cyberhacker.ai will provide the Services to the Client in accordance with the Agreement from the Commencement Date until the earlier of the End Date or the termination of the Agreement.

3. Warranties by Cyberhacker.ai a) Cyberhacker.ai warrants that:

   • It will perform the Services in a competent and prudent manner; and

   • The Services will be performed in accordance with all applicable laws, rules, regulations, and standards. b) OTHER THAN AS EXPRESSLY PROVIDED IN THE PROPOSAL OR THESE TERMS AND CONDITIONS, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL OTHER WARRANTIES ARE EXCLUDED.

4. Obligations of Client The Client will provide Cyberhacker.ai with access to its computer systems, premises, data, and any other information in the manner reasonably required by Cyberhacker.ai to perform the Services in accordance with the Agreement.

5. Authority a) The Client authorizes Cyberhacker.ai Representatives to access and use the Client’s computer systems as reasonably required by Cyberhacker.ai solely for the provision of the Services. b) The Client will provide Cyberhacker.ai with a signed authority in the form set out in the Proposal from such persons as Cyberhacker.ai reasonably requires, prior to the provision of any Services by Cyberhacker.ai.

6. Acknowledgments a) In performing the Services, Cyberhacker.ai acknowledges that the systems being tested may be live operating systems and Cyberhacker.ai will use all due care to minimize the impact of any tests which form part of the Services. b) The Client acknowledges that:

   • Cyberhacker.ai may immediately halt any testing which forms part of the Services if directed by the Client or if Cyberhacker.ai suspects that the Client’s information or operating systems are being unduly impacted; and

   • Provided Cyberhacker.ai has complied with clause 6-a, Cyberhacker.ai will not be in breach of the Agreement if the Services impact the information or operating systems of the Client, or performance of the Services is halted in accordance with clause 6-b bullet #1.

7. Service Schedules a) To the extent the Services include: i. Security Testing Services, the terms in Schedule 1 apply; and ii. Digital Forensic Services, the terms in Schedule 2 apply, and the terms of each schedule will take precedence over all terms.

8. Governance Risk and Compliance a) To the extent the Services include governance, risk, or compliance services, this clause 8 applies. b) The Client must ensure that the specifications relating to the Products and Services, and the use of the Services, satisfy all of the Client’s legal and regulatory obligations and any other Client compliance requirements including, without limitation, compliance by the Client with any Law, corporate governance matters, and internal company policies. c) Except to the extent prescribed in the specifications Proposal or SOW, nothing in the Agreement requires Cyberhacker.ai to ensure, recommend, or facilitate the Client’s compliance with any matter referred to in this clause 8, and the Client acknowledges that it has obtained its own advice on such compliance matters.

9. Service Fees and Expenses a) The Client will pay Cyberhacker.ai the Service Fees in consideration of Cyberhacker.ai providing the Services to the Client, in accordance with this clause 9. The Service Fee shall be exclusive of taxes, which Cyberhacker.ai shall add to its invoices at the prevailing rate. b) The Client will pay any expenses to be incurred by Cyberhacker.ai in performance of the Services as set out in the Proposal (“Expenses”), provided such Expenses are agreed in advance with the Client. c) The Client will pay the Service Fees (together with taxes where appropriate) and Expenses (if any) in the manner set out in the Proposal. If no payment terms are specified in the Proposal, the Client will pay the Service Fees and Expenses (or such portion as determined by Cyberhacker.ai) within 30 Business Days of the end of each month in which the Services are provided.

10. Non-Performance of Services a) Cyberhacker.ai will not be required to remedy any default or otherwise perform or re-perform any Services where the non-performance is caused or contributed to by the Client (including the Client’s employees, agents, or contractors) or any failure of the Client’s systems or IT infrastructure during the provision of the Services.

11. Force Majeure a) Cyberhacker.ai will not be liable for performance of any of its obligations under the Agreement as a result of an act of God, national emergency, war, prohibitive governmental regulations, labor dispute, or any other cause beyond Cyberhacker.ai’s reasonable control. If such a force majeure event occurs, Cyberhacker.ai will notify the Client of the occurrence and expected duration of that event. b) If a force majeure event renders performance of the Agreement impossible for a continuous period of at least fourteen (14) Business Days, either party may by notice to the other, terminate the Agreement.

12. Warranties by Client The Client warrants that it is (i) validly in existence under all applicable laws, (ii) duly authorized to enter into the Agreement, (iii) has obtained all required consents and approvals to do so, and (iv) is not contravening any law, judgment, order, or rule of any Government Agency or any agreement by entering into the Agreement.

13. Liability of Cyberhacker.ai a) NOTHING IN THIS AGREEMENT SHALL EXCLUDE OR RESTRICT EITHER PARTY’S LIABILITY FOR: (A) DEATH OR PERSONAL INJURY RESULTING FROM THE NEGLIGENCE OF THAT PARTY OR OF ITS EMPLOYEES WHILE ACTING IN THE COURSE OF THEIR EMPLOYMENT, OR (B) FRAUD. b) SUBJECT TO CLAUSE 11-A, BUT OTHERWISE NOTWITHSTANDING ANY OTHER CLAUSE OF THE AGREEMENT, CYBERHACKER.AI WILL NOT BE LIABLE FOR ANY CLAIM RELATING TO, ARISING OUT OF, OR IN CONNECTION WITH ANYTHING WHICH IS DONE (OR IS NOT DONE) BY THE CLIENT WITHOUT CYBERHACKER.AI’S PRIOR WRITTEN APPROVAL. c) SUBJECT TO CLAUSES 11-B, CYBERHACKER.AI’S MAXIMUM AGGREGATE LIABILITY HOWEVER ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF ITS OBLIGATIONS UNDER THIS AGREEMENT SHALL BE LIMITED TO $1,000,000. d) CYBERHACKER.AI WILL NOT BE LIABLE FOR LOSS ARISING FROM OR IN CONNECTION WITH ANY REPRESENTATION (OTHER THAN FRAUDULENT REPRESENTATIONS) AGREEMENTS, STATEMENTS, OR UNDERTAKINGS MADE PRIOR TO THE DATE OF EXECUTION OF THIS AGREEMENT OTHER THAN THOSE REPRESENTATIONS AGREEMENTS STATEMENTS AND UNDERTAKINGS CONFIRMED BY A DULY AUTHORIZED REPRESENTATIVE OF CYBERHACKER.AI IN WRITING OR EXPRESSLY INCORPORATED OR REFERRED TO IN THIS AGREEMENT.

14. Termination a) If either party breaches a term of the Agreement (“Defaulting Party”) and the breach can be remedied, the other party (“Non-Defaulting Party”) may give the Defaulting Party not less than seven (7) days’ notice to remedy that breach. If the breach is not remedied within the period stipulated in the notice, the Non-Defaulting Party may give the Defaulting Party a further notice immediately terminating the Agreement. b) Either party may terminate the Agreement by notice to the other party immediately upon any of the following events: i. if the other party commits a material breach of this Agreement which cannot be remedied; ii. if the other party ceases to carry on business as a going concern; iii. if an Insolvency Event occurs in relation to the other party; or iv. if the other party commits a serious criminal offence. c) Termination of the Agreement will not affect any rights or obligations of either party which arose prior to the date of termination. Cyberhacker.ai will not be liable to the Client for any Claims by the Client relating to the termination of this Agreement by Cyberhacker.ai in accordance with this clause 14.

15. Confidentiality a) Each party owns all of its Confidential Information. During the Agreement and after its termination, each party can use or disclose the other party’s Confidential Information only to (i) perform the Services, (ii) professional advisors on a confidential basis for the purpose of obtaining advice, (iii) if the disclosing party has consented in writing, or (iv) if required by law. b) Upon termination of the Agreement, the recipient of Confidential Information must at the disclosing party’s discretion, deliver to the disclosing party or destroy all Confidential Information in the recipient’s possession or under its control; and delete all Confidential Information held electronically in any medium in the recipient’s possession or under its control. The recipient may retain one copy of any Confidential Information as required by law, which must be retained for compliance purposes, contained in which cannot be practicably deleted or information which must be retained as required by Law, any accounting standard, or the rules of any stock exchange or for sound corporate governance purposes and any information contained in working papers or files prepared by Cyberhacker.ai in connection with that report.

16. Data Protection a) The Client warrants that it has the legal right to disclose all Personal Data that it does in fact disclose to Cyberhacker.ai under or in connection with the Agreement. b) Cyberhacker.ai warrants that:

• It will act only on instructions from the Client in relation to the processing of any Personal Data performed by Cyberhacker.ai on behalf of the Client. It will hold the Personal Data in confidence and strictly for use in connection with this Agreement and not use the Personal Data for any other purpose nor to contact individuals other than as strictly necessary to enable the provision of the services; and

• It shall comply with the provisions of the Applicable Data Protection Legislation in relation to all Personal Data that is processed by it in the course of performing its obligations under this agreement. In particular, but without limitation, Cyberhacker.ai shall warrant it has in place appropriate security measures (both technical and organizational) against unlawful or unauthorized processing of Personal Data and against loss or corruption of Personal Data processed by Cyberhacker.ai on behalf of the Client; and

• To the extent permitted by law, it will notify the Client of any actual personal data breach within 48 hours at the address listed in the Agreement; and

• It will fully cooperate with the Client in supporting compliance with Applicable Data Protection Legislation, including but not limited to, assisting the Client in providing subject access and allowing data subjects to exercise their rights under Data Protection Legislation and promptly acting on the Client’s requests with respect to the Personal Data, which may include their secure destruction; and

• Should in fulfilling their obligations under the Agreement or pursuant to other lawful instructions from the Client, Personal Data may be transferred, directly or via an onward transfer, outside the US, Cyberhacker.ai shall rely on measures such as Standard Contractual Clauses, Privacy Shield, or Binding Corporate Rules as allowed by Applicable Data Protection Legislation.

17. Intellectual Property a) In relation to any report provided by Cyberhacker.ai to the Client pursuant to the Agreement, Cyberhacker.ai grants the Client an irrevocable and non-exclusive license to use the content of that report subject to the terms of the Agreement, provided that Cyberhacker.ai retains copyright in that report. b) Subject to clause 17-a, all Intellectual Property and similar rights in any other document, work, or other matter developed, created, owned, or contributed to by Cyberhacker.ai belongs to Cyberhacker.ai and Cyberhacker.ai owns all rights, title, and interest in that Intellectual Property. c) During the Term and after the End Date, the Client will not use any of Cyberhacker.ai’s Intellectual Property except as expressly permitted by the Agreement nor register or use any name or mark similar to or capable of being confused with Cyberhacker.ai’s name, business name, or trademark. d) Subject to this clause 17, any Intellectual Property of the Client as at the date of the Agreement will remain the property of the Client.

18. Cyberhacker.ai Staff a) While Cyberhacker.ai is providing any Services to the Client and for a period of 12 months after the End Date, the Client will not make an offer of employment to any employee or contractor of Cyberhacker.ai. In addition, during that period, the Client will also not solicit, induce, or entice any employee or contractor of Cyberhacker.ai to cease to work for Cyberhacker.ai. b) Clause 18-a does not prohibit the Client from publishing a bona fide employment opportunity with the Client to the general public or making an offer of employment to a person who has responded to such an advertisement or publication.

19. Dispute Resolution a) Any dispute or disagreement in relation to or in connection with the Agreement in any matter (“Dispute”) is to be resolved in accordance with the procedure provided in this clause 19. In the event of a Dispute, the party seeking to have it resolved must issue to the other parties a notice setting out all details relevant to the Dispute (“a Dispute Notice”). b) Within 14 days of receipt of a Dispute Notice, the senior management of the parties to the Dispute shall meet to negotiate resolution of the Dispute. The parties agree that those negotiations must be conducted in good faith. c) In the event that the Dispute is not resolved in accordance with clause 19-b, within 14 days of receipt of a Dispute Notice, the Parties will attempt to settle it by mediation in accordance with the State of Maryland Alternative Dispute Resolution procedures. Unless otherwise agreed by the parties, the mediator shall be nominated in the State of Maryland. To initiate the mediation, a party must serve notice in writing (“ADR Notice”) to the other party requesting a mediation. The mediation will start not later than [number] days after the date of the ADR notice. If the Dispute is not resolved by mediation, either party will be entitled to take legal action. d) Nothing contained in this clause 19 will prevent a party from seeking urgent interlocutory relief.

20. Miscellaneous a) Unless otherwise specified, the Agreement contains the entire agreement between the parties in respect of the subject matter of the Agreement and supersedes any prior agreement or understanding (if any) between the parties in relation to the subject matter of the Agreement. b) Any amendment to a term of the Agreement must be made in writing executed by the parties. c) The Client can only assign its rights and obligations under this Agreement with the prior written consent of Cyberhacker.ai, unless such assignment is in relation to an internal reorganization of the Client’s business and where the assignment will be made to another member of the Client’s group. No one other than a party to the Agreement, their successors, and permitted assignees shall have any right to enforce any of its terms. d) If any provision or part-provision of this Agreement is or becomes invalid, illegal, or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Agreement. e) The Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the applicable laws, and the parties irrevocably agree to submit themselves to the exclusive jurisdiction of the courts in the State of Maryland.

Schedule 1: Security Testing Terms

1. Application of these Terms a) These Security Testing Terms apply if security testing and assurance services are provided by Cyberhacker.ai. b) The Client warrants that it is aware of the nature of the Security Testing Services, in particular that the Security Testing Services may include: i. Simulating or performing controlled Cyberattacks on the Client’s Systems; ii. Deliberate attempts to penetrate the security Systems of the Client, which may be provided by a third party; iii. Red teaming (including, but not limited to, deliberately masquerading as a hostile attacker with the intention of detecting vulnerabilities) activities in relation to the Client and its premises and Systems; or iv. Deliberately allowing unauthorized access to the Client’s network or Systems for the purpose of analyzing threat vectors and origination; and v. Acts that may put the Client in breach of its agreements including, but not limited to, third party supplier’s terms of supply.

2. Acknowledgment and liability a) The Client accepts that the Security Testing Services: i. Are sample testing activities only and cannot account for all possible ways a third party could breach the Client’s security measures or Systems; ii. Do not implement any security measures and will not prevent security or data breaches, or Cyber-attacks; iii. Could result in interruptions or degradations to the Client’s Systems and accepts those risks and consequences; and iv. Although carried out by professional Cyberhacker.ai Personnel and tools from trusted resources, carry an element of risk that can never be fully eliminated, and the Client accepts that there is no guarantee that every vulnerability in its Systems will be identified during the Security Testing Services.